A more than a year ago I’ve created a proof of concept that allowed to read paid content on SME.sk. I upgraded it today
to not only read paid content for free but also to watch paid movies for free.
Basically as a paying customer, you can read premium articles from columnists, watch premium videos (whole movies) and use discussion under articles.
So lets take a closer look at articles and videos security.
Paid articles are available for free in the mobile app. I think that they choose to not monetize mobile content because it will be against the App Store rules. But maybe I’m wrong. So if there is a content that it is for free in mobile app then there must be a way to “unlock” this content in desktop browsers. And in fact there is. Mobile app is just a simple feed reader that displays mobile web pages. I found out that feed in device logs and it looked liked this:
: FeedController loadFeed:http://s.sme.sk/export/phone/?t=hp&muid=XXXXXXXXXXXXXXXX : > : /section/Dnes dôležité : FeedLoader: didLoadFeed:
Then I looked at the URL from log (Browser must identified himself as iPhone or Android = Safari on Mac OS X works fine)
After a deeper analysis I found out that URL for article is:
ARTICLE_ID is a number that can be found in article URL (http://sport.sme.sk/c/6775070/…).
I’ve created a simple Google Chrome extension that automaticly replaces paid content with “free” content from mobile app. Only implemented security is that there is a check for user agent string (UA) in the request. If UA is mobile then they return content if not they return nothing.
It is like to have open safe full of money behind painting and hope that the thief will not look behind the only painting in your room…
Videos are working on the same principle as articles. Only difference is that you can’t watch premium videos on mobile device. Premium videos are not in the XML feed for mobile app. But it doesn’t mean that if something isn’t visible that it doesn’t exists. Everything is on the server.
URL for videos is:
For example this is paid movie:
This can’t be found in the mobile app. But it is prepared for mobile app on the server:
So once again I’ve implemented new functionality to my extension that automatically replaces paid content with “free” content. I was not happy how the mobile content was displayed so I’ve included HTML5 video player that will play video.
Quality of the video is not the best as the video is intended for mobile devices where you don’t need big resolutions and also the network speed isn’t very good.
- Download extension (.zip)
- Unzip downloaded file (.crx)
- Type chrome://extensions in your Google Chrome browser
- Drag and drop unziped (.crx) file to Google Chrome extensions tab
Before installation make sure that you uninstalled older version of this extension (if you have it).
If you have any question feel free to ask.
This extension was made only for test purposes. Buy Piano subscription.
I’m sending an email to guys from SME.sk with the link to this article . I hope they will fix this “security” issue.
UPDATE 2013.04.30 – It seems that no one cares at sme.sk about it.
UPDATE 2013.05.19 – Support for etrend.sk and hnonline.sk.
UPDATE 2014.05.18 – https://github.com/ejci/nepi-jano/raw/master/releases/nepi_jano_0.9.7.crx.zip